Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: BPF: sockmap: Fixed a use-after-free of sk-sksocket in skpsockverdictdataready. syzbot reported a use-after-free of the UNIX socket’s sk-sksocket in skpsockverdictdataready. 0 In unixstreamsendmsg, the peer’s -skdataready is call...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: - rxrpc: Fixed the locking mechanism in rxrpc’s sendmsg function. - Three bugs in the implementation of rxrpc’s sendmsg function have been fixed: 1 The rxrpcnewclientcall function should release the socket lock when returning ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: virtionet: fixed device mismatch in devmkzalloc/devmkfree The initial rsshdr allocation uses virtiodevice-device, but virtnetsetqueues frees resources using netdevice-device. This device mismatch causes the following devres...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Regulator: bq257xx: Fixed the issue of a reference leak on the device node in bq257xxregdtparsegpio. In bq257xxregdtparsegpio, if it fails to obtain a sub-child node, it returns without calling nodeputchild, resulting in a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a signedness bug in smbdirectpreparenegotiation. The function smbdirectpreparenegotiation casts a unsigned u32 value from sp-maxrecvsize and req-preferredsendsize into a signed int before calculating mintint, .......

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Block layer: Fixed a warning in copyfromiter. Syzkaller reported a warning in copyfromiter because an ioviter was supposedly used in the wrong direction. The reason is that Syzkaller managed to generate a request with a transfer...

Astra Linux - уязвимость в sox

A floating-point exception division by zero issue was discovered in SoX during the execution of the startread function in the wav.c file. An attacker who possesses a malicious wav file could cause the application to crash...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: HID: appletbkbd: fixed a “slab-use-after-free” bug in appletbkbdprobe. In the probe function appletbkbdprobe, an instance of “struct appletbkbd kbd” is allocated using devmkzalloc to store touch-bar keyboard-related data. Later, ...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: mm/slub: Fixed the issue by returning errno if kmalloc fails. In createuniqueid, kmalloc, GFPKERNEL may fail due to out-of-memory conditions. If this happens, errno should be returned correctly instead of triggering a panic via...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: igbvf: fixed a double-free in igbvfprobe. In igbvfprobe, if registernetdev fails, the program will proceed to label errHWinit, and then to label errioremap. In freenetdev, which occurs just below label errioremap, there are...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: amdgputtmgartbind set gtt bound flag Otherwise, after the GTT context is released, the GTT and gart space are freed. However, amdgputtmbackendunbind does not clear the gart page table entry, leaving a valid mapping...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Resets queuepriorityhint when parking Originally, with strict order execution, we could only complete execution when the queue was empty. Preempt-to-busy allows for replacing an active request that may complete befor...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Prevent out-of-bounds memory access The testtag test triggers an unhandled page fault: ./testtag 130.640218 CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era == 9000000003137f7c...

Astra Linux - уязвимость в linux, linux-5.10

There is a bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating an NFC device from user-space...

Astra Linux – Vulnerability in libpodofo

A flaw was discovered in PoDoFo 0.9.7. An uncontrolled recursive call within the PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow issue...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: iavf: Fixed a use-after-free in freenetdev. We perform netifnapiadd for all allocated qvectors, but potentially also perform netifnapidel for some of them. Then, we call kfree on the qvectors, leaving invalid pointers in...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: removed BUGON functions in addnewfreespace In addnewfreespace, there are BUGON functions that are used to handle any failures in adding free space to the in-memory free space cache. Such failures are mostly due to ENOME...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Fix for defragmentation path triggering jbd2 assertion. Code paths: - ocfs2ioctlmoveextents - ocfs2moveextents - ocfs2defragextent - ocfs2moveextent - + ocfs2journalaccessdi - + ocfs2splitextent // Sub-path calls...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: udf: Fixed a slab-out-of-bounds write bug in udffindentry Syzbot reported a slab-out-of-bounds Write bug: loop0: A capacity change from 0 to 2048 was detected. ==================================================================...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: In ext4, the work related to queued discard operations is always drained in ext4mbrelease. While reviewing the recent ext4 patch1, Sashiko raised the following concern2: If the filesystem is initially mounted with the discard...